Texas Instruments Serial Programming Adapter MSP430 User manual
Application ReportSLAA089D – December 1999 – Revised August 2006
Features of the MSP430 Bootstrap LoaderStefan Schauer..................................................................................................................... MSP430
ABSTRACT
The MSP430 bootstrap loader (BSL) enables users to communicate with embeddedmemory in the MSP430 microcontroller during the prototyping phase, final production,and in service. Both the programmable memory (flash memory) and the data memory(RAM) can be modified as required.
The commonly used UART protocol with RS232 interfacing is supported, allowingflexible use of both hardware and software.
To use the bootstrap loader, a specific BSL entry sequence has to be applied tospecific device pins. An added sequence of commands initiates the desired function. Aboot-loading session can be exited by continuing operation at a defined user programaddress or by the reset condition.
Access to the MSP430 memory via the bootstrap loader is protected against misuse bya user-defined password.
Contents1 Introduction .......................................................................................... 22 Standard RESET and BSL Entry Sequence .................................................... 23 UART Protocol ...................................................................................... 34 Synchronization Sequence ........................................................................ 45 Commands .......................................................................................... 46 Programming Flow ................................................................................. 47 Data Frame .......................................................................................... 58 Loadable BSL ...................................................................................... 129 Exiting the BSL .................................................................................... 1210 Password Protection .............................................................................. 1211 Code Protection Fuse ............................................................................ 1312 BSL Internal Settings and Resources .......................................................... 1313 Special Consideration for BSL Version 1.10 .................................................. 1514 References ......................................................................................... 15Appendix A Differences Between Devices and BSL Versions ................................... 16Appendix B MSP430 BSL Replicator ................................................................ 23
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 1Submit Documentation Feedback
www.ti.com
1 Introduction
2 Standard RESET and BSL Entry Sequence
2.1 MSP430 20- and 28-Pin Flash Devices With Shared JTAG Pins
RST
DTR
/NMI
( )
TEST
( )RTS User Program Starts
Bootstrap Loader Starts
RST
DTR
/NMI
( )
TEST
( )RTS
Introduction
This bootstrap loader (BSL) provides a method to program the flash memory during MSP430 projectdevelopment and updates. It can be activated by a utility that sends commands via the familiar UARTprotocol. The BSL enables the user to control the activity of the MSP430 and to exchange data using apersonal computer or other device that supports a UART protocol.
To avoid accidental overwriting of the BSL code, this code is stored in a special factory-masked bootROM. The BSL cannot ever be erased. The BSL code is highly optimized for the BSL function and isaccessed using commands described later in this document. For security purposes and to preventunwanted source readout, user code protection is very important. Any BSL command that directly orindirectly allows data reading is password protected.
To invoke the bootstrap loader, a BSL entry sequence has to be applied to dedicated pins. After that, asynchronization character, followed by the data frame of a specific command, initiates the desiredfunction.
Applying an appropriate entry sequence on the RST/NMI and TEST pins forces the MSP430 to startprogram execution at the BSL RESET vector instead of at the RESET vector located at address FFFEh.
If the application interfaces with a computer UART, these two pins may be driven by the DTR and RTSsignals of the serial communication port (RS232) after passing level shifters. Detailed descriptions of thehardware and related considerations are given in a separate document (see Section 14 References). Thenormal user reset vector at FFFEh is used, if TEST is kept low while RST/NMI rises from low to high(standard method, see Figure 1 ).
Figure 1. Standard RESET Sequence
The BSL program execution starts whenever the TEST pin has received a minimum of two positivetransitions and if TEST is high while RST/NMI rises from low to high (BSL entry method, see Figure 2 ).This level/transition triggering improves BSL startup reliability.
Figure 2. BSL Entry Sequence at Shared JTAG Pins
2Features of the MSP430 Bootstrap Loader SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
2.2 MSP430 Flash Devices With Dedicated JTAG Pins
RST
DTR
/NMI
( )
TEST
( )RTS Bootstrap Loader Starts
3 UART Protocol
UART Protocol
The TEST signal is normally used simply to switch the port pins P1.7 to P1.4 between their applicationfunction and the JTAG function. If the second rising edge at the TEST pin is applied while RST/NMI is stilllow, the TEST signal is kept low internally (application mode).
The BSL will not be started (via the BSL RESET vector), if:•There are less than two positive edges at the TEST pin while RST/NMI is low•TEST is low when RST/NMI rises from low to high•JTAG has control over the MSP430 resources•Supply voltage, V
CC
, drops down and a power-on reset (POR) is executed•RST/NMI pin is configured for NMI functionality (NMI bit is set)
Note: The minimum timing for this sequence must be within the limits specified for thecorresponding pin in the datasheet.
Devices with dedicated JTAG pins use the TCK pin instead of the TEST pin.
The BSL program execution starts whenever the TCK pin has received a minimum of two negativetransitions and TCK is low while RST/NMI rises from low to high (BSL entry method, see Figure 3 ). Thislevel/transition triggering improves BSL start-up reliability.
Figure 3. BSL Entry Sequence at Dedicated JTAG Pins
Note: The minimum timing for this sequence has to be within the limits specified for thecorresponding pin in the datasheet.
The BSL will not be started (via the BSL RESET vector), if:•There are less than two negative edges at TCK pin while RST/NMI is low•TCK is high if RST/NMI rises from low to high•JTAG has control over the MSP430 resources•Supply voltage, V
CC
, drops down, and a power-on reset (POR) is executed•RST/NMI pin is configured for NMI functionality (NMI bit is set)
The UART protocol applied here is defined as:•Baud rate is fixed to 9600 baud in half duplex mode (one sender at a time).•Start bit, 8 data bits (LSB first), an even parity bit, 1 stop bit.•Handshake is performed by an acknowledge character.•Minimum time delay before sending new characters after characters have been received from theMSP430 BSL: 1.2 ms
Note: Applying baud rates other than 9600 baud at initialization results in communicationproblems or violates the flash memory write timing specification. The flash memory maybe extensively stressed or may react with unreliable program/erase operations.
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 3Submit Documentation Feedback
www.ti.com
4 Synchronization Sequence
5 Commands
5.1 Unprotected Commands
5.2 Password Protected Commands
6 Programming Flow
Synchronization Sequence
Before sending any command to the BSL, a synchronization character (SYNC) with its value of 80h has tobe sent to the BSL. This character is necessary to calculate all the essential internal parameters, whichmaintain UART and flash memory program/erase timings. It provides the BSL system time reference.Once this is received, an acknowledge DATA_ACK = 90h is sent back by the BSL to confirm successfulreception.
This sequence must be done before every command that is sent to the BSL.
Note: The synchronization character is not part of the Data Frame described later.
Two categories of commands are available: commands that require a password and commands that donot require a password. The password protection safeguards every command that potentially allows director indirect data access.
•Receive password•Mass erase (erase entire flash memory, main as well as information memory)•Transmit BSL version (V1.60 or higher or in loadable BL_150S_14x.txt)•Change baud rate (V1.60 or V1.61 or in loadable BL_150S_14x.txt)
•Receive data block to program flash memory, RAM, or peripherals•Transmit data block•Erase segment•Erase check (V1.60 or higher or in loadable BL_150S_14x.txt)•Set Memory Offset (V2.12)•Load program counter and start user program•Change baud rate (moved to a protected command starting with BSL version 2.01)
The write access (RX data block command) to the flash memory/RAM or peripheral modules area isexecuted online. That means a data byte/word is processed immediately after receipt and the write cycleis finished before a following byte/word has completely arrived. Therefore, the entire write time isdetermined by the baud rate, and no buffering mechanism is necessary.
Data sections located below the flash memory area address are assumed to be loaded into the RAM orperipheral module area and, thus, no specific flash control bits are affected.
Note: When losing control over the UART protocol, either by line faults or by violating the dataframe conventions, the only way to recover is to rerun the BSL entry sequence to initiateanother BSL session.
Features of the MSP430 Bootstrap Loader4 SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
7 Data Frame
7.1 Data-Stream Structure
Data Frame
To get high data security during the data transmission, a data frame protocol called serial standardprotocol (SSP) is used. The BSL is considered the receiver in Table 1 .
For more information on serial standard protocol (SSP), see the TI application report, Application ofBootstrap Loader in MSP430 With Flash Hardware and Software Proposal, literature number SLAA096.
•The first 8 bytes (HDR through LH) are mandatory (xx represents dummy data).•Data bytes D1 to Dn are optional.•Two bytes (CKL and CKH) for checksum are mandatory.•Acknowledge done by the BSL is mandatory, except with the TX data block and TX BSL versioncommands.
Table 1. Data Frame of BSL Commands
(1) (2) (3) (4) (5)
Received
BSL HDR CMD L1 L2 AL AH LL LH D1 D2 …Dn CKL CKH ACKCommand
RX data block 80 12 n n AL AH n–4 0 D1 D2 …Dn–4 CKL CKH ACKRX password 80 10 24 24 xx xx xx xx D1 D2 …D20 CKL CKH ACKErase segment 80 16 04 04 AL AH 02 A5 – – – – CKL CKH ACKErase main or info 80 16 04 04 AL AH 04 A5 – – – – CKL CKH ACKMass erase 80 18 04 04 xx xx xx xx – – – – CKL CKH ACKErase check 80 1C 04 04 AL AH LL LH – – – – CKL CKH ACKChange baud rate 80 20 04 04 D1 D2 D3 xx – – – – CKL CKH ACKSet mem offset 80 21 04 04 AL AH xx xx – – – – CKL CKH ACKLoad PC 80 1A 04 04 AL AH xx xx – – – – CKL CKH ACKTX data block 80 14 04 04 AL AH n 0 – – – – CKL CKH –BSL responds 80 xx n n D1 D2 ... ... …... …Dn CKL CKH –TX BSL version 80 1E 04 04 xx xx xx xx – – – – CKL CKH –BSL responds 80 xx 10 10 D1 D2 ... ... … … … D10 CKL CKH –
(1)
All numbers are bytes in hexadecimal notation.(2)
ACK is sent back by the BSL.(3)
The synchronization sequence is not part of the data frame.(4)
The erase check and TX BSL version commands are not members of the standard command set (V1.50 or higher).(5)
The change baud rate command is not a member of the standard command set (V1.60 or higher or in loadableBL_150S_14x.txt).
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 5Submit Documentation Feedback
www.ti.com
7.2 Checksum
7.3 Example Sequence
Data Frame
Abbreviations:
HDR Header: Any value between 80h and 8Fh (normally 80h).CMD Command identificationL1, L2 Number of bytes consisting of AL through DnRestrictions: L1 = L2, L1 < 255, L1 evenAL, AH Block start address or erase (check) address or jump address LO/HI byteLL, LH Number of pure data bytes (250 max) or erase information LO/HI byte or block length oferase check (FFFFh max)D1 …Dn Data bytesCKL, CKH 16-bit checksum LO/HI bytexx Can be any data-- No character (data byte) received/transmittedACK The acknowledge character returned by the BSL. Can be either DATA_ACK = 90h: Framewas received correctly, command was executed successfully, or DATA_NAK = A0h: Framenot valid (e.g., wrong checksum, L1 ≠L2), command is not defined, is not allowed, or wasexecuted unsuccessfully.nNumber of bytes consisting of AL through Dn
The 16-bit (2 bytes) checksum is calculated over all received/transmitted bytes B1 ... Bn in the data frame,except the checksum bytes themselves, by XORing words (2 successive bytes) and inverting the result.
This means that B1 is always the HDR byte and Bn is the last data byte just before the CKL byte.
Formula –CHECKSUM = INV [ (B1 + 256 ×B2) XOR (B3 + 256 ×B4) XOR …XOR (Bn – 1 + 256 ×Bn) ]or
CKL = INV [ B1 XOR B3 XOR …XOR Bn–1 ]CKH = INV [ B2 XOR B4 XOR …XOR Bn ]
The following example shows a request to read the memory of the MSP430 from location 0x0F00. Allvalues shown below are represented in hexadecimal format.
TO BSL: 80
(Sych character sent to the BSL)FROM BSL: 90
(Acknowledge from BSL)TO BSL: 80 14 04 04 F0 0F 0E 00 85 E0(Send Command to read memory from 0x0F00, length 0x000E)FROM BSL: 80 00 0E 0E F2 13 40 40 00 00 00 00 00 00 02 01 01 01 C0 A2(Returned values from BSL)
Features of the MSP430 Bootstrap Loader6 SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
7.4 Commands – Detailed Description
7.4.1 General
7.4.2 RX Data Block
7.4.3 RX Password
Data Frame
See Table 1 .
Besides the header byte HDR (80h) and the command identification CMD, the frame length bytes L1 andL2 (which must be equal) hold the number of bytes following L2, excluding the checksum bytes CKL andCKH.
Bytes AL, AH, LL, LH, D1...Dn are command-specific. However, the checksum bytes CKL (low byte) andCKH (high byte) are mandatory.
If the data frame has been received correctly and the command execution was successful, anacknowledge character DATA_ACK = 90h is sent back by the BSL. Incorrectly received data frames,unsuccessful operations, and commands that are locked or not defined are confirmed with a DATA_NAK =A0h.
Note: BSL versions lower than V1.30 support only byte access operations. Therefore, theperipheral module addresses at 0100h–01FFh cannot be accessed correctly, becausethey are word-oriented. From version V1.30 and up, addresses 0000h–00FFh areaccessed in byte mode; all others are accessed in word mode.
The receive data block command is used for any write access to the flash memory/RAM or peripheralmodule control registers at 0000h–01FFh. It is password protected.
The 16-bit even-numbered block start address is defined in AL (low byte) and AH (high byte). The 16-biteven-numbered block length is defined in LL (low byte) and LH (high byte). Because pure data bytes arelimited to a maximum of 250, LH is always 0.
The following data bytes are succeeded by the checksum bytes CKL (low byte) and CKH (high byte). Ifthe receipt and programming of the appropriate data block was successful, an acknowledge characterDATA_ACK is sent back by the BSL. Otherwise, the BSL confirms with a DATA_NAK.
Note: BSL versions V1.40 and higher support online verification inside the MSP430 foraddresses 0200h–FFFFh, which reduces programming/verification time to 50%. Onlineverification means that the data is immediately verified with the data that is written into theflash without transmitting it again. In case of an error, the loadable bootstrap loaderBL_150S_14x.txt additionally stores the first incorrectly written location address+3 into theerror address buffer in the RAM at address 0200h (021Eh for F14x devices).
The receive password command is used to unlock the password-protected commands, which performreading, writing, or segment-erasing memory access. It is not password protected.
Neither start address nor block length information is necessary, because the 32-byte password is alwayslocated at addresses FFE0h–FFFFh. Data bytes D1 to D20h hold the password information starting withD1 at address FFE0h.
If the receipt and verification of the password is correct, a positive acknowledge DATA_ACK is sent backby the BSL, and the password-protected commands become unlocked. Otherwise the BSL confirms with aDATA_NAK.
Once the protected commands become unlocked, they remain unlocked until another BSL entry isinitiated.
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 7Submit Documentation Feedback
www.ti.com
7.4.4 Mass Erase
7.4.5 Erase Segment
Data Frame
The mass erase command erases the entire flash memory area (main memory plus information memory,see corresponding data sheet). It is not password protected.
All parameters shown in Table 1 are mandatory. After erasing, an acknowledge character DATA_ACK issent back by the BSL.
Mass erase initializes the password area to 32 times 0FFh.
Note: BSL versions V2.01 and higher support automatic clearing of the LOCKA bit protectinginformation flash memory. When the BSL is entered from a rest condition, LOCKA iscleared by the BSL in order to mass erase the flash, including information memory. Whenthe BSL is entered in-application, user software should take care that LOCKA = 1 prior toinitiating the BSL. Otherwise, information flash will not be erased during a BSL masserase.
The erase segment command erases specific flash memory segments. It is password protected.
The address bytes AL (low byte) and AH (high byte) select the appropriate segment. Any even-numberedaddress within the segment to be erased is valid. After segment erasing, an acknowledge characterDATA_ACK is sent back by the BSL (V1.40 or lower).
BSL versions V1.60 or higher perform a subsequent erase check of the corresponding segment andrespond with a DATA_NAK if the erasure was not successful. In this case, the first unerased locationaddress + 1 is stored in the error address buffer in the RAM at address 0200h (021Eh for F14x devices).In this version, a problem occurs if only one of the information memory segments is erased. In this case,an error is reported, because an automatic erase check over the whole information memory is performed.As a solution, either erase the whole information memory or do a separate erase check after the erase,even if the erase reported an error.
Erase segment 0 clears the password area and, therefore, the remaining password is 32 times 0FFh.
When applying LL = 0x04 and LH = 0xA5, a mass erasure of only the main memory is performed. Indeed,this command must be executed a minimum of 12 times to achieve a total erasure time of >200 ms. Nosubsequent erase check of the entire main memory is done. Use the erase check command additionally.Check the device datasheet for more information on the cumulative (mass) erase time that must be metand the number of erase cycles required.
8Features of the MSP430 Bootstrap Loader SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
7.4.6 Erase Check
7.4.7 Change Baud Rate
Data Frame
The MSP430F1xxx and MSP430F4xxx device segmentation is configured as follows:
0FE00h–0FFFFh : Segment 0 Main memory0FC00h–0FDFFh : Segment 10FA00h–0FBFFh : Segment 20F800h–0F9FFh : Segment 3...
01200h–013FFh : Segment n-101100h–011FFh : Segment n01080h–010FFh : Segment A01000h–0107Fh : Segment B Information memory
The MSP430F2xxx device segmentation is configured as follows:
0FE00h–0FFFFh : Segment 0 Main memory0FC00h–0FDFFh : Segment 10FA00h–0FBFFh : Segment 20F800h–0F9FFh : Segment 3...
01200h–013FFh : Segment n-101100h–011FFh : Segment n010C0h–010FFh : Segment A Information memory01080h–010BFh : Segment B01040h–0107Fh : Segment C01000h–0103Fh : Segment D
The erase check command verifies the erasure of flash memory within a certain address range. It ispassword protected.
The 16-bit block start address is defined in AL (low byte) and AH (high byte). The 16-bit block length isdefined in LL (low byte) and LH (high byte). Both can be either even or odd numbered to allow oddboundary checking.
If the erase check of the appropriate data block was successful (all bytes contain 0FFh), an acknowledgecharacter DATA_ACK is sent back by the BSL. Otherwise, the BSL confirms with a DATA_NAK and thefirst non-erased location address + 1 is stored in the error address buffer at address 0200h (021Eh forF14x devices).
Note: This command is not a member of the standard command set. It is implemented in BSLversion V1.60 and higher or in the loadable bootstrap loader BL_150S_14x.txt.
The change baud rate command offers the capability of transmissions at higher baud rates than thedefault 9600 baud. With faster data transition, shorter programming cycles can be achieved, which isespecially important with large flash memory devices. This command is not password protected.
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 9Submit Documentation Feedback
www.ti.com
Data Frame
Three control bytes (D1 to D3) determine the selected baud rate. D1 and D2 set the processor frequency(f ≥f
min
), D3 indirectly sets the flash timing generator frequency (f
FTGmin
≤f
FTG
≤f
FTGmax
). In detail:
D1: F1xx: Basic clock module control register DCOCTL (DCO.2 ... DCO.0)F2xx: Basic clock module control register DCOCTL (DCO.2 ... DCO.0)F4xx: FLL+ system clock control register SCFI0 (D, FN_8 ... FN_2)D2: F1xx: basic clock module control register BCSCTL1 (XT2Off, Rsel.2 ... Rsel.0)F2xx: basic clock module control register BCSCTL1 (XT2Off, Rsel.2 ... Rsel.0)F4xx: FLL+ system clock control register SCFI1 (N
DCO
)D3 0: 9600 Baud1: 19200 Baud2: 38400 Baud
After receiving the data frame, an acknowledge character DATA_ACK is sent back, and the BSL becomesprepared for the selected baud rate. It is recommended for the BSL communication program to waitapproximately 10 ms between baud rate alteration and succeeding data transmission to give the BSLclock system time for stabilization.
Note: The highest achievable baud rate depends on various system and environmentparameters like supply voltage, temperature range, and minimum/maximum processorfrequency. See the corresponding device specification/data sheet.
Note: This command is implemented on BSL versions V1.60 or higher or available in theloadable bootstrap loader BL_150S_14x.txt.
Table 2. Recommendations for MSP430F149 [F449]
(1)
(T
A
= 25 °C, V
CC
= 3.0 V, f
max
= 6.7 MHz)
PROCESSOR PROGRAM/VERIFYBAUD RATE D1 DCOCTL D2 BCSCTL1FREQUENCY, f
min
D3
(3)
60 Kbytes(Baud) [SCFI0]
(3)
[SCFI1]
(3)(MHz)
(2)
(sec)
(4)
9600 (init) 1.05 0x80 [00] 0x85 [98] 00 [00] 78 + 3.7 [0.0]19200 2.1 0xE0 [00] 0x86 [B0] 01 [01] 39 + 3.7 [2.4]38400 4.2 0xE0 [00] 0x87 [C8] 02 [02] 20 + 3.7 [2.4]
(1)
Values in brackets [ ] are related to MSP430F449.(2)
The minimum processor frequency is lower than in the standard ROM BSL (see Section 12.3 , Initialization Status).(3)
D1 to D3 are bytes in hexadecimal notation.(4)
Additional 3.7 [2.4] seconds result from loading, verifying, and launching the loadable BSL.
Table 3. Recommendations for MSP430F2131
(1)
(T
A
= 25 °C, V
CC
= 3.0 V, f
max
= 6.7 MHz)
PROCESSOR PROGRAM/VERIFYBAUD RATE D1 DCOCTL D2 BCSCTL1FREQUENCY, f
min
D3
(3)
60 Kbytes(Baud) [SCFI0]
(3)
[SCFI1]
(3)(MHz)
(2)
(sec)
9600 (init) 1.05 0x80 0x85 00 7819200 2.1 0x00 0x8B 01 3938400 4.2 0x80 0x8C 02 20
(1)
Values in brackets [ ] are related to MSP430F449.(2)
The minimum processor frequency is lower than in the standard ROM BSL (see Section 12.3 , Initialization Status).(3)
D1 to D3 are bytes in hexadecimal notation.
Features of the MSP430 Bootstrap Loader10 SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
7.4.8 Set Memory Offset
7.4.9 Load PC
7.4.10 TX Data Block
7.4.11 TX BSL Version
Data Frame
An offset for the memory pointer can be set for devices that have more than 64K of memory, specificallyMSP430X architecture devices. The value for the memory offset is used as the memory pointer’s upperword.
MemoryAddress = OffsetValue << 16 + ActualAddress
Note: This command is implemented on BSL versions V2.12 and greater.
The load program counter command directs the program counter (register R0) to any location within theentire address range. It is password protected.
After receiving the data frame, an acknowledge character (DATA_ACK) is sent back by the BSL. Then theselected address is moved into the program counter. The program flow continues operation there, and theBSL session is terminated.
Be aware that the password protection is not active at this time.
The transmit data block command is used for any read access to the flash memory/RAM or peripheralmodule control registers at 0000h–01FFh. It is password protected.
The 16-bit block start address is defined in AL (low byte) and AH (high byte). The 16-bit block length isdefined in LL (low byte) and LH (high byte). Because pure data bytes are limited to a maximum of 250, LHis always 0. The checksum bytes CKL (low byte) and CKH (high byte) immediately follow this information.
Now the BSL responds with the requested data block. After transmitting HDR, dummy CMD, L1 and L2,The BSL sends data bytes D1 through Dn, followed by the checksum bytes CKL (low byte) and CKH (highbyte). No acknowledge character is necessary.
The transmit BSL version command gives the user information about chip identification and bootstraploader software version. It is not password protected.
The values for AL, AH, LL, and LH can be any data, but must be transmitted to meet the protocolrequirements. The checksum bytes CKL (low byte) and CKH (high byte) immediately follow thisinformation.
After that, the BSL responds with a 16-byte data block. After transmitting HDR, dummy CMD, L1 and L2,the BSL sends data bytes D1 through D16 (decimal), followed by the checksum bytes CKL (low byte) andCKH (high byte). No acknowledge character is necessary.
D1, D2 and D11, D12 (decimal) hold the specific information:•D1: Device family type (high byte)•D2: Device family type (low byte)•D11: BSL version (high byte)•D12: BSL version (low byte) The remaining 12 bytes are for internal use only.
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 11Submit Documentation Feedback
www.ti.com
8 Loadable BSL
9 Exiting the BSL
10 Password Protection
Loadable BSL
For upgrading the BSL functionality, sometimes it is suitable to load a higher version of BSL into the RAMof a device and apply the latest innovations. To do so, use the following BSL commands:•RX password (unlock password protection for following commands)•RX data block (code of loadable BSL, code section address ≥220h)•TX data block (for verification)•RX data block (get start address from first code section address)•Load program counter PC (with start address of loadable BSL)•Wait at least 5 ms until the new loaded BSL has executed the initialized routine•RX password (unlock password protection for loaded BSL)•Perform any command (with loaded BSL)
The following loadable BSLs are available:
•BL_150S_14x.txt is a complete BSL for the F14x/F13x family with BSL version 1.10. All features ofBSL version V1.60 are supported. Because its code size is bigger than 1K byte, it can be used only inF1x8 and F1x9 devices. The error address buffer address for "RX Block", "Erase Segment", and"Erase Check" commands is 021Eh. BL_150S_14x.txt could also be used as a replacement forPATCH.txt.
•BS_150S_14x.txt is a small BSL with reduced command set for the F14x/F13x family with BSL version1.10. Because its code size is smaller than 512B, it can be used in F1x4 upto F1x9 devices. Thefollowing commands of BSL version V1.60 are supported: Change Baudrate, RX Block (with onlineverification), Erase Check, and Load PC. If a TX Block command (redirected to ROM BSL) is needed(e.g., for transmitting error address or standalone Verify), the RAM BSL must be invoked again via theLoad PC command. The error address buffer address for RX Block and Erase Check commands is021Eh. BS_150S_14x.txt could also be used as a partial replacement for PATCH.txt. Note that nopassword is required, as the RX password command is stripped!
For more information on downloading a different bootstrap loader, see Application of Bootstrap Loader inMSP430 With Flash Hardware and Software Proposal (SLAA096).
Third-party software normally uses loadable BSLs to perform most functions, like online verification, and toimprove speed for appropriate devices.
To exit the BSL mode, two possibilities are provided:•The microcontroller continues operation at a defined program address invoked by the load programcounter command. Be aware of that the password protection is not active at this time. In this case, theuser application should ensure that the flash is locked, as this is not done by the BSL. Leaving the BSLunlocked increases the risk of erroneously modifying the flash do to system or software errors. On ‘2xxdevices, the correct setting of the LOCKA bit should also be checked.•Applying the standard RESET sequence (see Figure 1 ) forces the MSP430 to start with the user resetvector at address 0FFFEh.
The password protection prohibits every command that potentially allows direct or indirect data access.Only the unprotected commands like mass erase and RX password (optionally, TX BSL version andchange baud rate) can be performed without prior receipt of the correct password after BSL entry.
Applying the RX password command for receiving the correct password unlocks the remainingcommands.
Once it is unlocked, it remains unlocked until initiating another BSL entry.
The password itself consists of the 16 interrupt vectors located at addresses FFE0h to FFFFh (256 bits),starting with the first byte at address FFE0h. After mass erase and with unprogrammed devices, allpassword bits are logical high (1).
12 Features of the MSP430 Bootstrap Loader SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
11 Code Protection Fuse
12 BSL Internal Settings and Resources
12.1 Chip Identification and BSL Version
12.2 Vectors to Call the BSL Externally
12.3 Initialization Status
Code Protection Fuse
BSL versions 2.00 and higher have enhanced security features. These features are controlled by the flashdata word located beneath the interrupt vector table addresses (e.g., for the MSP430F2131, address0xFFDE). If this word contains:•0x0000: The flash memory will not be erased if an incorrect BSL password has been received by thetarget.
•0xAA55: The BSL is disabled. This means that the BSL will not be started with the default initializationsequence shown in Section 2 .•All other values: If an incorrect password is transmitted, the entire flash memory address space will beerased automatically.
Note: The user must take care of password update after modifying the interrupt vectors andinitiating another BSL session. It is also strongly recommended to initialize unusedinterrupt vectors to increase data security.
Once the JTAG fuse (code protection fuse) is blown, no further access to the JTAG/test feature ispossible. The only way to get any memory read/write access is via the bootstrap loader by applying thecorrect password.
However, it is not possible for the BSL to blow the JTAG fuse. If fuse blowing is needed, use JTAGprogramming techniques.
The following paragraphs describe BSL internal settings and resources. Because the same device mayhave implemented different BSL versions, it is very important for the BSL communication program to knowthe settings and resources. Resources could be either device dependent (e.g., RX/TX pins) orBSL-version dependent (e.g., byte/word access). The following paragraphs describe the possiblevariations.
The upper 16 bytes of the boot-ROM (0FF0h–0FFFh) hold information about the device and BSL versionnumber in BCD representation. This is common for all devices and BSL versions:•0FF0h–0FF1h: Chip identification (e.g., F413h for an F41x device).•0FFAh–0FFBh: BSL version number (e.g., 0130h for BSL version V1.30).
Please see the MSP430 device/BSL version assignment in Chapter A .
The entry part of the boot ROM holds the calling vectors for BSL access by program:•0C00h: Vector for cold-start (mnemonic: BR &0C00h)•0C02h: Vector for warm-start (mnemonic: BR &0C02h). V1.30 or higher.•0C04h: Vector(s) for future use. This table is expandable.
Note: A warm-start does not modify the stack pointer.
When activating the BSL, the following settings take effect:•Stop Watchdog Timer•Disable all interrupts (GIE = 0)•V1.10:
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 13Submit Documentation Feedback
www.ti.com
12.4 Memory Allocation and Resources
BSL Internal Settings and Resources
The stack pointer is not modified, except when it points to an excluded memory area. If so, it isinitialized to 021Ah.V1.30 or higher:The stack pointer is not modified if the BSL is called by program via the warm-start vector. It isinitialized to 0220h if the BSL starts via the BSL RESET sequence or is called by program via thecold-start vector.•F1xx:
Determine basic clock module so that minimum frequency is 1.5 MHz:BCSCTL1 = 85h (RSEL = 5, XT2Off = 1)DCOCTL = 80h (DCO = 4, MOD = 0)BCSCTL2 = 00h only at cold-startSR: SCG1 = 00h (SMCLK on) only at cold-startF2xx:
Determine basic clock module so that minimum frequency is 1.5 MHz:BCSCTL1 = 88h (RSEL = 8, XT2Off = 1)DCOCTL = 80h (DCO = 4, MOD = 0)BCSCTL2 = 00h only at cold-startSR: SCG1 = 00h (SMCLK on) only at cold-startF4xx:
Determine FLL oscillator/system clock so that minimum frequency is 1.5 MHz:SCFI0 = 00h (D = 0, FN_x = 0)SCFI1 = 98h (N_DCO)SCFQCTL: (M = 0 )SR: SCG0 = 1 (FLL loop control off)FLL_CTL1 = 00h only at cold-start•SW-UART: Timer_A operates in continuous mode with MCLK source (Div = 1)CCR0 used for compareCCTL0 used for polling of CCIFG0•TX pin is set to output HI for RS232 idle state•RX pin is set to input•Password-protected commands are locked (only at cold-start)
After system initialization, the BSL is ready for operation and waits for the first synchronization sequence(SS) followed by a data frame containing the first BSL command.
•The BSL program code is located in the boot-ROM area 0C00h–0FEFh.•Addresses 0FF0h–0FFFh hold the device identification.•The BSL variables occupy the RAM area– 0200h–0213h (V1.10)– 0200h–0219h (V1.30 or higher)•The BSL stack occupies the RAM area– 0214h–0219h (V1.10)– 021Ah–021Fh (V1.30 or higher, only at cold-start)•The working registers used are:– R5–R9 (V1.30 or lower) or– R5–R10 (V1.40) or– R5–R11 (V1.60) or– R5-R14 (V2.00 or higher)Their contents are not buffered.– F1xx/F2xx:
•The basic clock module registers used are:•DCOCTL at address 056h•BCSCTL1 at address 057h
14 Features of the MSP430 Bootstrap Loader SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
13 Special Consideration for BSL Version 1.10
14 References
Special Consideration for BSL Version 1.10
– F4xx:
•The FLL oscillator/system clock registers used are:•SCFI0 at address 050h•SCFI1 at address 051h•SCFQCTL at address 052h•The Timer_A control registers used are:•TACTL at address 0160h•CCTL0 at address 0162h•TAR at address 0170h•CCR0 at address 0172h•The flash control registers used are:•FCTL1 at address 0128h•FCTL2 at address 012Ah•FCTL3 at address 012Ch•No interrupt service is affected.
The first official version V1.10 of the BSL requires a small loadable patch sequence, PATCH.TXT, toreliably execute the RX block command. The same procedure must be executed if a loadable BSL shouldbe downloaded to such a device. For that, after the BSL has been started, proceed in the followingmanner:
•RX password (unlock password protection for the following command)•Load program counter (PC) with 0C22h (initialize stack pointer to a safe address)•RX password again (unlock password protection for subsequent commands)•RX data block (code of loadable patch, code section address is 0220h)•TX data block (code of loadable patch for verification)
From this time forward, the RX block and TX block commands can be used with one restriction: prior totheir invocation, the program counter must be set to the start address of the patch.•Load program counter (PC) with start address 0220h of loadable patch•RX data block (code to be programmed at any location), or•TX data block (from any location)
For more information on downloading a patch or different bootstrap loader, see Application of BootstrapLoader in MSP430 With Flash Hardware and Software Proposal (SLAA096).
1. MSP430x1xx Family User’s Guide (SLAU049)2. MSP430x2xx Family User’s Guide (SLAU144)3. MSP430x4xx Family User’s Guide (SLAU056)4. Application of Bootstrap Loader in MSP430 With Flash Hardware and Software Proposal (SLAA096)
For a list of third parties that offer BSL hardware and software solutions, please see the MSP430 web siteat http://www.ti.com/sc/msp430 (> Design Resources > Third Party > Tools).
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 15Submit Documentation Feedback
www.ti.com
Appendix A Differences Between Devices and BSL Versions
Appendix A
In summary, the tables in this appendix show the key information of MSP430 device/BSL versionassignment related to their hard/software resources.
Table A-1. BSL Version 1.10 on F13x, F14x(1), F11x, and F11x1
F13x F11x (obsolete)Device
F14x(1) F11x1 (obsolete)
BSL Version 1.10
Cold start 0C00hBSL vector address
Warm start —Chip ID address 0FF0hChip ID data F149h F112hBSL version address 0FFAhBSL version data 0110hMass erase time, nominal (ms) 17.2
(1)
Read/write access at 0000h–FFFFh ByteVerification during write (online) NoSP critical 021AhStack pointer initialization
SP not critical Unchanged
Resources Used by BSL
Transmit pin (TX)/Receive pin (RX) P 1.1 / P2.2RAM/stack used 0200h–0219hWorking registers R5–R9System clock, affected controls BCSCTL1, DCOCTLTimer_A, affected controls TACTL, TAR, CCTL0, CCR0
mov #00h, &CCTL0bic.b #02h, &P1SELbic.b #04h, &P2SELPreparation for SW call
bic.b #32h, &IE1mov.b #00h, &BCSCTL2mov #00h, SRbr &0C00h
Comment 1 Load PATCH.TXT to eliminate ROM bug. See chapters ”SpecialWorkaround mandatory: Considerations for BSL Version 1.10” and “Loadable BSL”.Comment 2 Load BL_150S_14x.txt to get all features of V1.60 plus validOptional for F148, F149 only: Use loadable BSL erase segment command: See chapter “Loadable BSL”.(>1KB RAM required)Comment 3 Load BS_150S_14x.txt to get some features of V1.60: SeeOptional for F1x4 …F1x9: Use small loadable BSL chapter “Loadable BSL”.(<512B RAM required)
(1)
To reach the required mass erase time as specified in the datasheet the mass erase command has to be executed severaltimes.
16 Features of the MSP430 Bootstrap Loader SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
Appendix A
Table A-2. BSL Version 1.30 on F41x, F11x, and F11x1
F11x (obsolete)Device F14x
F11x1A
BSL Version 1.30
Cold start 0C00hBSL vector address
Warm start 0C02hChip ID address 0FF0hChip ID data F143h F112hBSL version address 0FFAhBSL version data 0130hMass erase time, nominal (ms) 206.40000h–00FFh ByteRead/write access at
0100h–FFFEh WordVerification during write (online) NoCold start 0220hStack pointer initialization
Warm start Unchanged
Resources Used by BSL
Transmit pin (TX) P 1.0 P 1.1Receive pin (RX) P2.1 P2.2RAM/stack used 0200h–021FhWorking registers R5–R9System clock, affected controls SCFI0, SCFI1, SCFQCTL BCSCTL1, DCOCTLTimer_A, affected controls TACTL, TAR, CCTL0, CCR0
mov #00h, &CCTL0mov #00h, &CCTL0
mov.b #00h, &BCSCTL2Preparation for SW call
mov.b #00h, &FLLCTL1
mov #00h, SRbr &0C00h
br &0C00h
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 17Submit Documentation Feedback
www.ti.com
Appendix A
Table A-3. BSL Version 1.40 on F12x
Device F122, F123X
BSL Version 1.40
Cold start 0C00hBSL vector address
Warm start 0C02hChip ID address 0FF0hChip ID data F123hBSL version address 0FFAhBSL version data 0140hMass erase time, nominal (ms) 206.4Read/write access at 0000h–00FFh Byte0100h–FFFEh WordVerification during write (online) For addresses 0200h-FFFEhStack pointer initialization Cold start 0220hWarm start Unchanged
Resources Used by BSL
Transmit pin (TX) P1.1Receive pin (RX) P2.2RAM/stack used 0200h–021FhWorking registers R5–R10System clock, affected controls BCSCTL1, DCOCTLTimer_A, affected controls TACTL, TAR, CCTL0, CCR0
mov.b #00h, &BCSCTL2Preparation for SW call
mov #00h, SRbr &0C00h
Features of the MSP430 Bootstrap Loader18 SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
www.ti.com
Appendix A
Table A-4. BSL Version 1.60 on F11x2, F12x2, F43x, F44x, FE42x, FW42x, FG43x, F415, F417
FE42x,F1122, F1222, F43x,Device FW42x, FG43xF1132 F1232 F44x
F41(5,7)
BSL Version 1.60
Cold start 0C00hBSL vector address
Warm start 0C02hChip ID address 0FF0hChip ID data 1132h 1232h F449h F427h F439hBSL version address 0FFAhBSL version data 0160hMass erase time, nominal (ms) 206.4Read/write access 0000h–00FFh Byteat
0100h–FFFEh WordVerification during write (online) For addresses 0200h-FFFEhErase check command Yes (error address 0200h)Erase segment command With erasure verification (error address 0200h)TX identification command YesChange baud rate command YesStack pointer Cold start 0220hinitialization
Warm start Unchanged
Resources Used by BSL
Transmit pin (TX) P1.1 P1.0Receive pin (RX) P2.2 P1.1RAM/stack used 0200h–021FhWorking registers R5–R12System clock, affected controls BCSCTL1, DCOCTL SCFI0, SCFI1, SCFQCTLTimer_A, affected controls TACTL, TAR, CCTL0, CCR0
mov.b #00h, &BCSCTL2 mov.b #00h, &FLLCTL1Preparation for SW call
mov #00h, SR br &0C00hbr &0C00h
Comment Erase segment Addresses 1000h to 11FFh are verified coherently (3 segments). Also use erase checkcommand command.
SLAA089D – December 1999 – Revised August 2006 Features of the MSP430 Bootstrap Loader 19Submit Documentation Feedback
www.ti.com
Appendix A
Table A-5. BSL Version 1.61 on F16x, 161x, F42x0
Device F16x F161x F42x0
BSL Version 1.61
Cold start 0C00hBSL vector
address
Warm start 0C02hChip ID address 0FF0hChip ID data 0F169h 0F16Ch F427hBSL version address 0FFAhBSL version data 0161hMass erase time, nominal (ms) 206.4Read/write 0000h–00FFh Byteaccess at
0100h–FFFEh WordVerification during write (online) For addresses 0200h-FFFEhErase check command Yes (error address 0200h)Erase segment command With erasure verification (error address 0200h)TX identification command YesChange baud rate command YesStack pointer Cold start 0220hinitialization
Warm start Unchanged
Resources Used by BSL
Transmit pin (TX) P1.1 P1.0Receive pin (RX) P2.2 P1.1RAM/stack used 0200h–021FhWorking registers R5–R14System clock, affected controls BCSCTL1, DCOCTL SCFI0, SCFI1, SCFQCTLTimer_A, affected controls TACTL, TAR, CCTL0, CCR0
mov.b #00h, &BCSCTL2 mov.b #00h, &FLLCTL1Preparation for SW call
mov #00h, SR br &0C00hbr &0C00h
Comment Erase segment Addresses 1000h to 11FFh are verified coherently (3 segments). Also use erase checkcommand command.
Features of the MSP430 Bootstrap Loader20 SLAA089D – December 1999 – Revised August 2006Submit Documentation Feedback
Other manuals for Serial Programming Adapter MSP430
12
Table of contents
Other Texas Instruments Microcontroller manuals
Texas Instruments
Texas Instruments TIRIS RI-STU-MRD1 User manual
Texas Instruments
Texas Instruments CC1125 User manual
Texas Instruments
Texas Instruments CC1125 User manual
Texas Instruments
Texas Instruments REF70EVM User manual
Texas Instruments
Texas Instruments LaunchPad CC1312PSIP User manual
Texas Instruments
Texas Instruments MSP430F6777 User manual
Texas Instruments
Texas Instruments TAS5805M User manual
Texas Instruments
Texas Instruments MSP430F643 Series User manual
Texas Instruments
Texas Instruments CC1110 User manual
Texas Instruments
Texas Instruments MSPM0L1306 User manual
Texas Instruments
Texas Instruments TPS65941120-Q1 User manual
Texas Instruments
Texas Instruments LaunchPad MSP430FR2311 User manual
Texas Instruments
Texas Instruments MSP430F67671 User manual
Texas Instruments
Texas Instruments MSP430x4xx Family User manual
Texas Instruments
Texas Instruments DLP Discovery 4100 User manual
Texas Instruments
Texas Instruments MSP430F42 series User manual
Texas Instruments
Texas Instruments MSP430F6747 User manual
Texas Instruments
Texas Instruments TMS370 Series Use and care manual
Texas Instruments
Texas Instruments MSP430F663x User manual
Texas Instruments
Texas Instruments AM5728 User manual
Popular Microcontroller manuals by other brands
Silicon Laboratories
Silicon Laboratories C8051F912 user guide
Dialog Semiconductor
Dialog Semiconductor DA14531 PRO Hardware user manual
NXP Semiconductors
NXP Semiconductors PN7462AU quick start guide
NXP Semiconductors
NXP Semiconductors P89LPC952 user manual
PLX Technology
PLX Technology PEX 8614AA Hardware reference manual
Microchip Technology
Microchip Technology PIC32MZ user guide
Altera
Altera Stratix III Device handbook
Arduino
Arduino ABX00032 Product reference manual
PCB Components
PCB Components Micro KSQ Series user manual
Murphy
Murphy MURPHYMATIC ASM160 Installation and operation instructions
National Semiconductor
National Semiconductor LMH0340 user guide
Nuvoton
Nuvoton ARM Cortex-M NuMicro NUC472 Series user manual
